Leveraging Process Framework in Financial Compliance
2010 APQC Member Meeting November 4, 2010 BA Brooks , Mgr Accounting Services, Marathon
1 Discussion Topics
Initial use of framework in SOX 404 documentation
Expanded use in 2007 across compliance initiatives, enterprise content management, and major project management
Continued use of process framework in finance initiatives
2 Original Business Issue
In mid-2003 collected considerable amount of unstructured process and controls documentation – Used process based templates, but limited process knowledge in business resulted in less than optimal results – Difficult to access gaps in documentation – Difficult to access gaps in controls – External auditor questions on early documentation results Solution: Developpp process framework and correlate documentation to framework – Reviewed several frameworks, including APQC, and custom designed framework – Process, sub-process, business activity, risk, controls
3 Process Framework - 2004
Plan & Provide Provide Manage Decision Corporate Business Support Governance
Perform Refine & Operate Perform Transport Market Well Produce Retail Exploration Products Products Prodiduction Products Outlets
Manage, Manage Manage Manage Manage Calculate Maintain Health, Programs & Supply & Commodity Reserves Assets & Environment Projects Trading Trading Facilities & Safety
Manage Provide Procure Manage Manage Customs & Manage Control Customer Materials & Support Human Foreign Logistics Inventory Support Services Services Resources Trade Zones
Manage Manage Account for Manage Manage Manage IT Capital & In-House Revenue Taxes Accounting Risk Credit Documentation Hierarchy
Process – Sub-process . Location – Business Activity • Control Objective (with attributes, e.g., COSO Control Objective Type, Control Objective Priority (Risk), Related Account Balance, Related Financial Disclosure ) - Control Activities (with attributes, ege.g, Enabler, Transactional Assertion, Financial Statement Assertion, Control Criticality, Control Type, Control Fre quenc y) Framework Utilization
Scoping – Locations and processes – Critical applications Risk Assessment Documentation organization – Early tool-set, RCTS Process maps Aggregation Segregation of duties analysis
6 Next Step in Evolution
Enterprise Compliance Tool-set Implementation – SOX 404 driver – PCI – Procurement and ITGC operational compliance – Issue: how to organize data to achieve objective of documenting and testing controls once across multiple initiatives Enterprise Content Management – Documentation structure Project Management – Documentation structure
7 Adoption of APQC Framework
Compliance, ECM, PM agreed to adopt form of APQC Upstream, Downstream Process Framework – ECM, PM have provided feedback to APQC on enhancement modifications Compliance used a modified form of the two frameworks in new system – Used first two nodes of APQC framework – Used terminology familiar to Company for ease of internal adoption – Cons is tency be tween Company an d APQC framewor k is numbering sequence
8 Latest Use of Process Framework
Implementation of SAP and Sun Security Architecture – Automation of security provisioning – Re design of SAP task roles – Design of functional and enterprise roles for provisioning through Sun tool – Utilized business process naming conventions for functional roles . Goal: greater understanding of security roles for supervision Use process framework in developing testing scripts to ensure appropriate testing coverage
9 Key Learnings
Adapt framework to your business rather than adapt business to the framework – Adapt terminology to wording more understandable to your company
Can have successful adoption even if company does not have well established process ownership
Can implement from bottom up rather than top down and can implement across enterprise when have collaboration among initiative leaders
Understanding and acceptance improves over time – Think in verbs, not nouns
10 Business Benefits
Improved use of enterprise software rather than single initiative solutions
Quicker assimilation into new workgroups
Common language
11